Freeradius: >> Freeradius >> 3.0.21 Security Vulnerabilities
RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.
CVSS Score
9.0
EPSS Score
0.008
Published
2024-07-09
In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries. This lookup will fail, but the SIM code will not check for that failure. Instead, it will dereference a NULL pointer, and cause the server to crash.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-01-17
A flaw was found in freeradius. A malicious RADIUS client or home server can send a malformed abinary attribute which can cause the server to crash.
CVSS Score
6.5
EPSS Score
0.003
Published
2023-01-17
modules/rlm_unix/rlm_unix.c in FreeRADIUS before 2.2.0, when unix mode is enabled for user authentication, does not properly check the password expiration in /etc/shadow, which allows remote authenticated users to authenticate using an expired password.
CVSS Score
6.0
EPSS Score
0.004
Published
2013-03-12
FreeRADIUS RADIUS server allows remote attackers to cause a denial of service (CPU consumption) via a flood of Access-Request packets.
CVSS Score
5.0
EPSS Score
0.01
Published
2002-06-25